defendtheworld.bsky.social
@defendtheworld.bsky.social
Alex Radocea. Building better routers at www.supernetworks.org
Reposted by defendtheworld.bsky.social
Yikes. Turns out you can send a plaintext radio signal to cause any train in the USA to do an emergency brake. The original 'security' was just a checksum, no encryption or authentication. Reporting this took them 12 years (!) because the vendor dismissed it initially www.cisa.gov/news-events/...
End-of-Train and Head-of-Train Remote Linking Protocol | CISA
www.cisa.gov
July 12, 2025 at 12:14 PM
I am at usenix woot today/tmrw! Ping if you want to connect
August 11, 2025 at 5:10 PM
Hey bitchat users, I started a bluer/bluez rust Linux client github.com/spr-networks.... Runs in a docker container and I hooked it up to the wifi password dispenser over e2e. Each user gets their own wpa3 pass
August 7, 2025 at 8:45 PM
Reposted by defendtheworld.bsky.social
Supply-chain attacks on open source software are getting out of hand
Attacks affected packages, including one with ~2.8 million weekly downloads.
buff.ly
July 31, 2025 at 5:12 AM
It’s also terribly insecure as implemented. The trusted peers can be trivially intercepted, and an adversary can inject themselves into a trusted chat

www.supernetworks.org/pages/blog/a...
July 8, 2025 at 9:00 PM
Being an identical twin has its perks, like easy biometrics testing. Most vendors’ sensitivity isn’t as good as I hope
May 5, 2025 at 9:13 PM
Reposted by defendtheworld.bsky.social
I've just been told that John Young of Cryptome.org passed away last week.

#Cryptome was foundational, and a predecessor to organizations like @ddosecrets.com and #Wikileaks.

RIP, John.
April 10, 2025 at 11:31 PM
Reposted by defendtheworld.bsky.social
Chinese officials acknowledged in a December meeting with Biden officials in Geneva that Beijing was behind the Volt Typhoon intrusions into U.S. critical infrastructure citing increasing U.S. policy support for Taiwan as an excuse www.wsj.com/politics/nat...
Exclusive | In Secret Meeting, China Acknowledged Role in U.S. Infrastructure Hacks
A senior Chinese official linked intrusions to escalating U.S. support for Taiwan.
www.wsj.com
April 10, 2025 at 6:03 PM
Reposted by defendtheworld.bsky.social
West Coast numbers are coming in, and estimates have now surpassed 5 million. People are still pouring into the streets—nearly 2% of the American population is rising up. America, we are so proud of you. You did it.
April 5, 2025 at 11:15 PM
What percent of imports are from perfect competition companies
April 4, 2025 at 8:52 PM
Reposted by defendtheworld.bsky.social
Hot off the press is a new blog detailing our observations from in the wild exploitation of CVE-2025-22457 by UNC5221 including two newly observed malware families tracked as BRUSHFIRE and TRAILBLAZE.

cloud.google.com/blog/topics/...
Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) | Google Cloud Blog
cloud.google.com
April 3, 2025 at 4:26 PM
Today I learned that cracking keys now takes about 1/3rd as many qubits as before without substantially different gate counts.

Clémence Chevignard, Pierre-Alain Fouque, and André Schrottenloher 2024.

eprint.iacr.org/2024/222.pdf
eprint.iacr.org
April 2, 2025 at 1:08 AM
Reposted by defendtheworld.bsky.social
Today's April 1st. From garage geeks to tech titans: Happy Birthday, Apple

Our team discovered some security vulnerabilities in launchd, SMB, and Kerberos, now patched. #CVE-2025-24269 #CVE-2025-31182 #CVE-2025-24235 #CVE-2025-30444

support.apple.com/en-us/122373
support.apple.com/en-us/122371
About the security content of macOS Sequoia 15.4 - Apple Support
This document describes the security content of macOS Sequoia 15.4.
support.apple.com
April 1, 2025 at 8:00 PM
Reposted by defendtheworld.bsky.social
Paged Out! #6 has arrived! And it's jam-packed with content!
You can download it here:
pagedout.institute?page=issues....
March 29, 2025 at 12:17 PM
What’s up with YouTube ads asking for location lately
March 29, 2025 at 6:45 PM
Reposted by defendtheworld.bsky.social
March 13, 2025 at 6:00 PM
Reposted by defendtheworld.bsky.social
My contempt for anyone involved with this drivel knows few limits. Conflating issues and fear mongering because a Chinese company dared to publish an actual open model:

techcrunch.com/2025/03/13/o...

And trying to talk about copyright after training in Libgen.

Hypocrisy, lies, grifting :-(
OpenAI calls DeepSeek 'state-controlled,' calls for bans on 'PRC-produced' models | TechCrunch
In a proposal, OpenAI describes DeepSeek as 'state-controlled,' and recommends banning models from it and other PRC-affiliated operations.
techcrunch.com
March 14, 2025 at 8:00 AM
I wrote up my thoughts on a promising new project to evolve wpa3 to better support multipass without having users pay a “security tax” www.supernetworks.org/pages/blog/w...
Advancing DecoyAuth is Key to Making WiFi & WPA3 More Secure | SPR
Pioneering WiFi Security
www.supernetworks.org
March 6, 2025 at 11:02 PM
Reposted by defendtheworld.bsky.social
Full details of EntrySign, the AMD Zen microcode signature validation vulnerability disclosed last month. bughunters.google.com/blog/5424842...
Blog: Zen and the Art of Microcode Hacking
This blog post covers the full details of EntrySign, the AMD Zen microcode signature validation vulnerability recently discovered by the Google Security team.
bughunters.google.com
March 5, 2025 at 11:46 PM
Reposted by defendtheworld.bsky.social
A while back I was helping examine the security of the Starlink terminal and found a very obvious bug in the bootloader that was only unexploitable due to the memory layout of the terminal. Critical infrastructure shouldn't depend on Starlink without a shitload of auditing.
March 5, 2025 at 8:58 PM
Reposted by defendtheworld.bsky.social
👏
March 1, 2025 at 5:47 PM
Reposted by defendtheworld.bsky.social
Denmark’s ambassador to 🇺🇸 responds to Lindsey Graham’s betrayal and abandonment of Ukraine (and Europe)
March 2, 2025 at 3:22 AM